feat: Authenticate with ASTP-AI Cognito API and get access token

[#OCD-4757]

Author: kekey1

chpl/chpl-api/src/main/java/gov/healthit/chpl/ApiExceptionControllerAdvice.java

@@ -19,6 +19,7 @@
 
 import com.datadog.api.client.ApiException;
 
+import gov.healthit.chpl.astpai.AstpAiRequestFailedException;
 import gov.healthit.chpl.auth.ChplAccountEmailNotConfirmedException;
 import gov.healthit.chpl.domain.error.ErrorResponse;
 import gov.healthit.chpl.domain.error.ObjectMissingValidationErrorResponse;
@@ -77,6 +78,14 @@ public ResponseEntity<ErrorResponse> exception(JiraRequestFailedException e) {
                 HttpStatus.NO_CONTENT);
     }
 
+    @ExceptionHandler(AstpAiRequestFailedException.class)
+    public ResponseEntity<ErrorResponse> exception(AstpAiRequestFailedException e) {
+        LOGGER.error(e.getMessage());
+        return new ResponseEntity<ErrorResponse>(
+                new ErrorResponse("ASTP-AI information is not currently available, please check back later."),
+                HttpStatus.NO_CONTENT);
+    }
+
     @ExceptionHandler(InsightRequestFailedException.class)
     public ResponseEntity<ErrorResponse> exception(InsightRequestFailedException e) {
         LOGGER.error(e.getMessage());

chpl/chpl-api/src/main/java/gov/healthit/chpl/web/controller/RealWorldTestingController.java

@@ -16,6 +16,9 @@
 import org.springframework.web.multipart.MultipartFile;
 
 import gov.healthit.chpl.FeatureList;
+import gov.healthit.chpl.astpai.AmazonTokenResponse;
+import gov.healthit.chpl.astpai.AstpAiAuthenticationService;
+import gov.healthit.chpl.astpai.AstpAiRequestFailedException;
 import gov.healthit.chpl.domain.schedule.ChplOneTimeTrigger;
 import gov.healthit.chpl.exception.UserRetrievalException;
 import gov.healthit.chpl.exception.ValidationException;
@@ -33,15 +36,18 @@
 @RequestMapping("/real-world-testing")
 public class RealWorldTestingController {
 
+    private AstpAiAuthenticationService authService;
     private RealWorldTestingManager realWorldTestingManager;
     private FF4j ff4j;
     private ServerEnvironment serverEnvironment;
 
     @Autowired
     public RealWorldTestingController(RealWorldTestingManager realWorldTestingManager,
+            AstpAiAuthenticationService authService,
             FF4j ff4j,
             @Value("${server.environment}") String serverEnvironment) {
         this.realWorldTestingManager = realWorldTestingManager;
+        this.authService = authService;
         this.ff4j = ff4j;
         this.serverEnvironment = serverEnvironment != null ? ServerEnvironment.getByName(serverEnvironment) : null;
     }
@@ -81,4 +87,18 @@ public RealWorldTestingController(RealWorldTestingManager realWorldTestingManage
         }
         return realWorldTestingManager.validateResultsUrlAsBackgroundJob(request);
     }
+
+    @Operation(summary = "Create and run a background job that fetches Real World Testing validation information "
+            + "about any URL. The validation is expecting an RWT Results URL. Validation data will be emailed to the "
+            + "logged-in user.",
+            security = {
+                    @SecurityRequirement(name = SwaggerSecurityRequirement.API_KEY),
+                    @SecurityRequirement(name = SwaggerSecurityRequirement.BEARER)
+            })
+    @RequestMapping(value = "/astp-ai-auth", method = RequestMethod.POST)
+    public @ResponseBody AmazonTokenResponse authenticateToAspAi(@RequestBody RealWorldTestingResultsUrlValidationRequest request)
+            throws AstpAiRequestFailedException {
+
+        return authService.authenticate();
+    }
 }

chpl/chpl-resources/src/main/resources/environment.properties

@@ -119,6 +119,14 @@ jira.nonconformityUrl=/search/?maxResults=100&jql=project="Review for Signals/Di
 insight.submissionsUrl=https://healthit-gov-develop.go-vip.net/wp-json/data-dashboard/v1/developers/%s/submissions
 ###################################################
 
+############ ASTP-AI CONNECTION PROPERTIES ###########
+astpai.authenticate.url=https://us-east-1zmkmlezba.auth.us-east-1.amazoncognito.com/oauth2/token
+astpai.authenticate.clientSecret=SECRET
+astpai.authenticate.clientId=SECRET
+astpai.domain=https://astp-dev.ainq.ai/api/
+astpai.rwtResultUrlValidation.endpoint=rwt-validations/from-url
+###################################################
+
 ######  CHPL-SERVICE DOWNLOAD JAR PROPERTIES ######
 dataSourceName=java:/comp/env/jdbc/openchpl
 ###################################################

chpl/chpl-service/src/main/java/gov/healthit/chpl/CHPLServiceConfig.java

@@ -277,6 +277,27 @@ public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttp
         return restTemplate;
     }
 
+    @Bean
+    public RestTemplate httpsRestTemplate()
+            throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
+        CloseableHttpClient httpClient = HttpClients.custom()
+                .setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create()
+                        .setDefaultSocketConfig(SocketConfig.custom()
+                                .setSoTimeout(getRequestTimeout(), TimeUnit.MILLISECONDS)
+                                .build())
+                        .setTlsSocketStrategy(new DefaultClientTlsStrategy(
+                                SSLContexts.custom().loadTrustMaterial(TrustAllStrategy.INSTANCE).build(),
+                                NoopHostnameVerifier.INSTANCE))
+                        .build())
+                .build();
+
+        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+        requestFactory.setHttpClient(httpClient);
+        requestFactory.setConnectionRequestTimeout(getRequestTimeout());
+
+        return new RestTemplate(requestFactory);
+    }
+
     private int getRequestTimeout() {
         int requestTimeout = DEFAULT_REQUEST_TIMEOUT;
         String requestTimeoutProperty = env.getProperty("jira.requestTimeoutMillis");

chpl/chpl-service/src/main/java/gov/healthit/chpl/astpai/AmazonTokenResponse.java

@@ -0,0 +1,31 @@
+package gov.healthit.chpl.astpai;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class AmazonTokenResponse {
+    @JsonProperty("access_token")
+    private String accessToken;
+
+    @JsonProperty("id_token")
+    private String idToken;
+
+    @JsonProperty("refresh_token")
+    private String refreshToken;
+
+    @JsonProperty("token_type")
+    private String tokenType;
+
+    @JsonProperty("expires_in")
+    private Integer expiresIn;
+}

chpl/chpl-service/src/main/java/gov/healthit/chpl/astpai/AstpAiAuthenticationService.java

@@ -0,0 +1,73 @@
+package gov.healthit.chpl.astpai;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+
+import lombok.extern.log4j.Log4j2;
+import tools.jackson.core.JacksonException;
+import tools.jackson.databind.json.JsonMapper;
+
+@Log4j2
+@Service
+public class AstpAiAuthenticationService {
+
+    private RestTemplate httpsRestTemplate;
+    private String authenticationUrl;
+    private String authenticationRequestBody;
+    private JsonMapper jsonMapper;
+
+    @Autowired
+    public AstpAiAuthenticationService(RestTemplate httpsRestTemplate,
+            JsonMapper jsonMapper,
+            @Value("${astpai.authenticate.url}") String authenticationUrl,
+            @Value("${astpai.authenticate.clientSecret}") String authenticationClientSecret,
+            @Value("${astpai.authenticate.clientId}") String authenticationClientId) {
+        this.httpsRestTemplate = httpsRestTemplate;
+        this.jsonMapper = jsonMapper;
+        this.authenticationUrl = authenticationUrl;
+        this.authenticationRequestBody = String.format("grant_type=client_credentials&scope=default-m2m-resource-server-p3thsy/read&client_id=%s&client_secret=%s", authenticationClientId, authenticationClientSecret);
+    }
+
+    public AmazonTokenResponse authenticate() throws AstpAiRequestFailedException {
+        LOGGER.info("Making request to " + authenticationUrl);
+        ResponseEntity<String> response = null;
+        try {
+            LOGGER.debug("Request body:" + authenticationRequestBody);
+            HttpHeaders headers = new HttpHeaders();
+            headers.add("Content-Type", "application/x-www-form-urlencoded");
+            headers.add("Accept", "application/json");
+            headers.add("Accept-Encoding", "UTF-8");
+            HttpEntity<String> entity = new HttpEntity<>(authenticationRequestBody, headers);
+
+            response = httpsRestTemplate.exchange(authenticationUrl, HttpMethod.POST, entity, String.class);
+            LOGGER.debug("Response: " + response.getBody());
+        } catch (HttpClientErrorException httpEx) {
+            LOGGER.error("Unable to authenticate with the URL " + authenticationUrl + ". Message: " + httpEx.getMessage() + "; response status code " + httpEx.getStatusCode());
+            throw new AstpAiRequestFailedException(httpEx.getMessage(), httpEx, httpEx.getStatusCode());
+        } catch (Exception ex) {
+            HttpStatusCode statusCode =  (response != null && response.getStatusCode() != null
+                    ? response.getStatusCode() : HttpStatusCode.valueOf(HttpStatus.INTERNAL_SERVER_ERROR.value()));
+            LOGGER.error("Unable to authenticate with the URL " + authenticationUrl + ". Message: " + ex.getMessage() + "; response status code " + statusCode);
+            throw new AstpAiRequestFailedException(ex.getMessage(), ex, statusCode);
+        }
+
+        String responseBody = response == null ? "" : response.getBody();
+        AmazonTokenResponse token = null;
+        try {
+            token = jsonMapper.readValue(responseBody, AmazonTokenResponse.class);
+        } catch (JacksonException ex) {
+            LOGGER.error("Unable to read the response body as our custom AmazonTokenResponse", ex);
+            throw new AstpAiRequestFailedException(ex.getMessage(), ex);
+        }
+        return token;
+    }
+}

chpl/chpl-service/src/main/java/gov/healthit/chpl/astpai/AstpAiQueryService.java

@@ -0,0 +1,9 @@
+package gov.healthit.chpl.astpai;
+
+import org.springframework.stereotype.Service;
+
+@Service
+public class AstpAiQueryService {
+
+    //TODO methods to query the AI tool
+}

chpl/chpl-service/src/main/java/gov/healthit/chpl/astpai/AstpAiRequestFailedException.java

@@ -0,0 +1,44 @@
+package gov.healthit.chpl.astpai;
+
+import java.io.IOException;
+
+import org.springframework.http.HttpStatusCode;
+
+import lombok.Data;
+
+@Data
+public class AstpAiRequestFailedException extends IOException {
+    private static final long serialVersionUID = 3861221517156321545L;
+    private HttpStatusCode statusCode;
+
+    public AstpAiRequestFailedException() {
+        super();
+    }
+
+    public AstpAiRequestFailedException(String message) {
+        super(message);
+    }
+
+    public AstpAiRequestFailedException(String message, HttpStatusCode statusCode) {
+        super(message);
+        this.statusCode = statusCode;
+    }
+
+    public AstpAiRequestFailedException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public AstpAiRequestFailedException(String message, Throwable cause, HttpStatusCode statusCode) {
+        super(message, cause);
+        this.statusCode = statusCode;
+    }
+
+    public AstpAiRequestFailedException(Throwable cause) {
+        super(cause);
+    }
+
+    public AstpAiRequestFailedException(Throwable cause, HttpStatusCode statusCode) {
+        super(cause);
+        this.statusCode = statusCode;
+    }
+}

chpl/chpl-service/src/main/java/gov/healthit/chpl/scheduler/job/realworldtesting/RealWorldTestingUrlValidationJob.java

@@ -10,6 +10,9 @@
 import org.springframework.core.env.Environment;
 import org.springframework.web.context.support.SpringBeanAutowiringSupport;
 
+import gov.healthit.chpl.astpai.AmazonTokenResponse;
+import gov.healthit.chpl.astpai.AstpAiAuthenticationService;
+import gov.healthit.chpl.astpai.AstpAiRequestFailedException;
 import gov.healthit.chpl.auth.user.JWTAuthenticatedUser;
 import gov.healthit.chpl.email.ChplEmailFactory;
 import gov.healthit.chpl.email.ChplHtmlEmailBuilder;
@@ -45,6 +48,9 @@ public class RealWorldTestingUrlValidationJob extends QuartzJob {
     @Value("${surveillance.quarterlyReport.failure.subject}")
     private String quarterlyReportFailureSubject;
 
+    @Autowired
+    private AstpAiAuthenticationService astpAiService;
+
     @Autowired
     private ErrorMessageUtil msgUtil;
 
@@ -70,16 +76,25 @@ public void execute(JobExecutionContext jobContext) throws JobExecutionException
             Integer year = (Integer) jobDataMap.get(YEAR_KEY);
             setSecurityContext(user);
 
-            //TODO ensure URL type is RESULTS
+            //authenticate
+            AmazonTokenResponse token = null;
+            try {
+                token = astpAiService.authenticate();
+            } catch (AstpAiRequestFailedException ex) {
+                LOGGER.error("Unable to authenticate with ASTP-AI", ex);
+                sendErrorEmail(user.getEmail(), quarterlyReportFailureSubject,
+                        env.getProperty("surveillance.quarterlyReport.badJobData.htmlBody"));
+            }
             //TODO call AI endpoint, get response or handle error
+
             //TODO parse results and send email
-            sendEmail(user.getEmail(), quarterlyReportFailureSubject,
+            sendResultsEmail(user.getEmail(), quarterlyReportFailureSubject,
                                     env.getProperty("surveillance.quarterlyReport.fileError.htmlBody"));
 
         } else {
             JWTAuthenticatedUser user = (JWTAuthenticatedUser) jobDataMap.get(USER_KEY);
             if (user != null && user.getEmail() != null) {
-                sendEmail(user.getEmail(), quarterlyReportFailureSubject,
+                sendErrorEmail(user.getEmail(), quarterlyReportFailureSubject,
                         env.getProperty("surveillance.quarterlyReport.badJobData.htmlBody"));
             }
         }
@@ -126,7 +141,26 @@ private boolean isJobDataValid(JobDataMap jobDataMap) {
         return isValid;
     }
 
-    private void sendEmail(String recipientEmail, String subject, String htmlContent)  {
+    private void sendResultsEmail(String recipientEmail, String subject, String htmlContent)  {
+        LOGGER.info("Sending email to: " + recipientEmail);
+
+        try {
+            chplEmailFactory.emailBuilder()
+                    .recipient(recipientEmail)
+                    .subject(subject)
+                    .htmlMessage(chplHtmlEmailBuilder.initialize()
+                            .heading(subject)
+                            .paragraph("", htmlContent)
+                            .paragraph("", String.format(chplEmailValediction, acbatlFeedbackUrl))
+                            .footer(AdminFooter.class)
+                            .build())
+                    .sendEmail();
+        } catch (EmailNotSentException ex) {
+            LOGGER.error("Could not send email to " + recipientEmail, ex);
+        }
+    }
+
+    private void sendErrorEmail(String recipientEmail, String subject, String htmlContent)  {
         LOGGER.info("Sending email to: " + recipientEmail);
 
         try {